
Files Date: 2019-11-15

Faraday 3.9.3
Posted Nov 15, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.

Changes: Fixed unicode error when exporting vulns to CSV. Added vuln attributes to CSV. Fixed hostname parsing and added external ID to Qualys plugin.
tags | tool, rootkit
systems | unix
SHA-256 | ebdc5e55d3ddb75e805e16f7f15ec82c6fbf3f0bbc5e9b5df8c6c8290f0dc6c3
FreeRadius 3.0.19 Logrotate Privilege Escalation
Posted Nov 15, 2019
Authored by Wolfgang Hotwagner

FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use.

tags | exploit
advisories | CVE-2019-10143
SHA-256 | b1530adb048264dc55962092b5838c2dd92892b9cb06e495e7eec72711ab01ef
Raritan CommandCenter Secure Gateway Cross Site Scripting
Posted Nov 15, 2019
Authored by Okan Coskun, Alp Hisim

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fb82d6a6a5fcfdb0c98c5ca5755246bc0e4e73ea60db5fe5cfd714ae4a41030d
Raritan CommandCenter Secure Gateway XML Injection
Posted Nov 15, 2019
Authored by Okan Coskun, Faruk Unal

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from an XML external entity injection vulnerability. By using this vulnerability, a remote unauthenticated attacker may cause the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

tags | advisory, remote, denial of service
advisories | CVE-2018-20687
SHA-256 | d36bb1d62f7027f3eb89783eaa7976f6ef38f3f825ebed9433772ee4d2a64e59
TP-Link Archer VR300 1 Cross Site Scripting
Posted Nov 15, 2019
Authored by Okan Coskun, Halil Ari

TP-Link Archer VR300 version 1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d755fac29b30e955d8e053dc02aa5c6042f6a62b5bc904c57f5242de99873035
WordPress Social Photo Gallery 1.0 Remote Code Execution
Posted Nov 15, 2019
Authored by Prestigia Seguridad

WordPress Social Gallery plugin version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-14467
SHA-256 | bbe844100afc7fc347c3541effe85c9a4537bc9b409cfe30a235d907352a6c5e
c0c0n 2020 Call For Papers
Posted Nov 15, 2019
Site is-ra.org

The c0c0n 2020 Middle East call for papers has been announced. It will take place June 15th through the 18th, 2020 at the St. Regis in Abu Dhabi.

tags | paper, conference
SHA-256 | be01899210382405d9d5da8b0e0fed33327e4fd0108067490e6f176ae60e4cec
Centraleyezer Shell Upload
Posted Nov 15, 2019
Authored by Omayr Zanata

Centraleyezer suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell, file upload
advisories | CVE-2019-12271
SHA-256 | bc09fddb5d076496f0d59495eef17f0532cc279c9de1f6f8b7f3efba56124ba8
Kamerka 2.0
Posted Nov 15, 2019
Authored by woj-ciech

Kamerka is an OSINT tool that builds an interactive map of cameras, printers, tweets, and photos leveraging Flickr, Instagram, Shodan, and Twitter.

tags | tool
systems | unix
SHA-256 | 88a3fe6de6a1c3017fe9a78646ade0fa944a4da08f3a6ef686ccd4fc0f5c708a
iOS mediaserverd Integer Overflow Sandbox Escape
Posted Nov 15, 2019
Authored by Google Security Research, Ian Beer

iOS suffers from a sandbox escape vulnerability due to an integer overflow in mediaserverd.

tags | exploit, overflow
systems | ios
SHA-256 | 2b4a9f24dc9fb9fa02db02c8a4e93a710241e3d12f49d9ae097344a6df912908
Red Hat Security Advisory 2019-3892-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2017-15095, CVE-2017-17485, CVE-2018-1000850, CVE-2018-11307, CVE-2018-1131, CVE-2018-11775, CVE-2018-11796, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-8009, CVE-2018-8034, CVE-2019-0201, CVE-2019-0204, CVE-2019-10173, CVE-2019-14860, CVE-2019-16869, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
SHA-256 | d033b077fbe5857e973c9773a4c3ebbcdddde8391b77c6d861aa36baf37bde9f
Ubuntu Security Notice USN-4194-1
Posted Nov 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4194-1 - Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-3466
SHA-256 | 49e9162083c95fde49d6cabf5e1324a20ce51e5f237f4ac4b89994beb11fc306
Red Hat Security Advisory 2019-3890-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3890-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14869
SHA-256 | 58ec058b8047ee0b0d0f8f0f056d3b3821ac2c69406e95aed3edae8d848446a2
Ubuntu Security Notice USN-4193-1
Posted Nov 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4193-1 - Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14869
SHA-256 | e4b5e355b02180c8af5057b89aa4d74148e0c2a725d6ea57faf2278975e06a71
Red Hat Security Advisory 2019-3888-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3888-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14869
SHA-256 | 0bc732a6ed8b9ae3ced97fe444effa027c0a0845e450e26198df2d74b5a0b169
Red Hat Security Advisory 2019-3889-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3889-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write vulnerability was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 84f73c26bb629a1bbaeb8cd241c7633beff29735b63cd8382c4bd754a003a7d0
Red Hat Security Advisory 2019-3887-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3887-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An arbitrary kernel memory write vulnerability was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 9ab632ed83bbabd23d67d2fd5c9c984382c8bc06cc07fd1d01578bb99eb07cd0
Shrew Soft VPN Client 2.2.2 Unquoted Service Path
Posted Nov 15, 2019
Authored by D.Goedecke

Shrew Soft VPN Client version 2.2.2 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 135678976944a39c4dbe26959a6578f3305757c2dd1d93b888dd1b35cd1aa468